I am implementing TLS 1.2 via AT-TLS and have a requirement to secure all FTPs using this protocol except for the exchanges occurring via the hipersocket.
I am manually coding the policy since I don't have zOSMF configured. In my policy I have a rule for my unsecure connections, coding both LocalAddr and RemoteAddr with that of our hipersocket subnet. It has a priority of 100 and is first in the policy. I also have a rule for secure connections with no LocalAddr or RemoteAddr with a priority of 10. In my FTPDATA: When I specify SECURE_FTP REQUIRED, all unsecure attempts (inbound and outbound) fail - including those via the hipersocket. When I specify SECURE_FTP ALLOWED, all unsecure attempts (inbound and outbound) are successful - even those NOT using the hipersocket. I turned on tracing and see the rules selected are as I would have expected but it appears the SECURE_FTP parm in FTP data rules, regardless of what's in the policy. Does anyone know if it's possible to do what I am trying do to with one TCPIP stack? Thanks, Mary Vollmer ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
